Bug#413524: [Buildd-tools-devel] Bug#413524: sbuild: please document how to run build as non-root

Roger Leigh rleigh at whinlatter.ukfsn.org
Wed Mar 7 21:48:53 CET 2007 

Lucas Nussbaum <lucas at lucas-nussbaum.net> writes:

> On 06/03/07 at 21:07 +0000, Roger Leigh wrote:
>> Lucas Nussbaum <lucas at lucas-nussbaum.net> writes:
>> 
>> > I use sbuild in "schroot" chroot_mode. I can't find out how to run
>> > builds as a normal user (instead of root). This causes some packages to
>> > fail to build (for example: petsc, bazaar, subversion).
>
> What I'm trying to achieve is to run the build rule (debian/rules build)
> as a normal user. I usually run sbuild as root, and that's fine with me,
> but if I have to do something such as 'su - user -c "sbuild [...]"',
> that's fine as well for me.

sbuild will always build the package as the same user that invoked it,
whether using sudo or schroot.  If you run as root, it will build as
root, but if you build as yourself, it will use root privs to install
the build dependencies, and do all of the building as you.

The only situation where this might not occur if $fakeroot is "sudo"
or something other than "fakeroot".

> So what I was originally looking for was a '-u user' option, that would
> mean "use that username to run parts that can be run as user".
> The other way around (running everything as user except what needs
> root privileges) is more logical, indeed :-)

This is the default (and AFAICT) only behaviour, though.  You
shouldn't need to take /any/ extra steps to get the behaviour you
want!

>> If you could attach your sbuild.conf/.sbuildrc and schroot.conf, that
>> would be useful.
>
> Attached

Thanks.  They look OK to me.

>> If this only occurs for specific packages, the build
>> logs of those packages would also be useful.
>
> I have two different failures:
> - one when running sbuild as root, with some packages that fail to build
>   as root. A good example is petsc, because it fails at the start of the
>   build. See
>   http://people.debian.org/~lucas/logs/2007/02/01/debian-rebuild/petsc_2.3.2-1_etch32.buildlog
>
> - one when running sbuild as user:
> user at gdx0247:~$ sbuild -A -s -d etch32 -v petsc_2.3.2-1
> Automatic build of petsc_2.3.2-1 on gdx0247.orsay.grid5000.fr by
> sbuild/amd64 0.53
> Build started at 20070307-1058
> ******************************************************************************
> Error in tempfile() using
> /var/lib/schroot/mount/etch32-6bb5e78b-951f-4885-9931-1bc8fcd3c1d9//var/lib/sbuild/apt.conf.XXXXXX:
> Parent directory
> (/var/lib/schroot/mount/etch32-6bb5e78b-951f-4885-9931-1bc8fcd3c1d9//var/lib/sbuild/)
> is not writable
>  at /usr/share/perl5/Sbuild/Chroot.pm line 161

This is AFAICT a simple permissions problem.

Is $chroot/var/lib/sbuild group owned by group "sbuild" and group
writable?  Example:

% ls -ld /srv/chroot/sid/var/lib/sbuild
drwxrwsr-x 3 root sbuild 4096 2007-03-07 20:31 /srv/chroot/sid/var/lib/sbuild

This should be set up by "/usr/share/sbuild/buildd.chroot", and is
documented in sbuild-setup(7) part 7.

Are you in a member of group "sbuild"?

% id
uid=1000(rleigh) gid=1000(rleigh) groups=...,1000(rleigh),1001(sbuild)

This is done by "add_sbuild_user".  The requirement should be more
clearly documented in sbuild-setup though.

>> > If it is possible, could you please document how to build as normal user ?
>> 
>> It is certainly possible.  If the documentation is missing anything,
>> I'll add it as soon as we have figured out the problem.
>  
> One problem I had with documentation is the
> /usr/share/sbuild/add_sbuild_user script, which didn't work for me since
> I use schroot mode with "file" type chroots.

This is the case with a number of non-static chroot types.  I'll file
a separate wishlist bug about this.  I'll have to update
add_sbuild_user (and some other scripts, possibly) to be aware of
schroot chroots.  This is the case for most of the scripts now, so it
shouldn't be too much work.


Thanks,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

More information about the Buildd-tools-devel mailing list